May. 2, 2014 - 11:29AM
|

Tippett (U.S. Military Academy Twitter photo)

Punctured firewalls. Denial-of-service attacks. Rampant viruses. Insecure laptops linked to a secured network by general officers with more stars than cyber-sense.

Teams from all of the nation’s service academies spent three days in early April parrying simulated attacks directed by National Security Agency experts. About 30 U.S. Military Academy cadets scrambled to stop threats from all corners in what their team leader, senior Hayden Tippett, described as a “complex game of Whac-A-Mole.”

After the NSA compiled the stats, the U.S. Military Academy had notched the most moles, edging Air Force to win the Cyber Defense Exercise for the seventh time in the contest’s 14 years.

Tippett’s other service-academy rivalry experience has been on a grander scale as a fullback for the Army football team, but it hasn’t been quite as successful. Regardless, he and his cyberwarfare team got to “sing second” when the news came out April 11 — or fifth, really, after Navy, Air Force, the Coast Guard and the Merchant Marine all lost to Army.

“It’s a different group of men going for a different prize,” said Tippett, “but still a great feeling.”

Students build their simulated networks and spend sleepless nights preparing for the types of cyber-curveballs that could come from an NSA-backed “red team” of hackers. There were nights school officials locked the computer room, Tippett said, because past years’ teams had slept under their desks too often.

On the morning of April 8, readiness gave way to reaction as the hackers descended. Along with the typical bashing of firewalls, the contest brought some tricks: Teams were asked to install a web application on their network that was vulnerable to attacks, for example.

And then there was the simulated general, bearing unwelcome gifts.

“We had to let him access the network with a compromised laptop, because you can never talk a general out of sticking his laptop on your network,” Tippett said.

A long cyber-march

Attacks continued for the better part of three days. Scores were tabulated based on how well the network’s services held up and how secure they remained, along with other factors.

The NSA provided a running tally. Tippett and his team didn’t buy it.

“We always considered it a lie,” he said “We didn’t want to rely on iffy standings, whether we were edging ahead of [other academies].”

Army held the lead when the exercise ended, according to the unofficial scores, but officials had more data to crunch before declaring a winner. The cadets kept their edge, and the senior-dominated squad had a lasting victory to savor in their final weeks before graduation.

“It was really incredible,” Tippett said. “We know each other really well. You’d think after two straight weeks in the lab that we would all want to go our separate ways, but it was interesting — we were all hanging out afterward. It spoke toward the camaraderie we had as a team.”

That shared experience, from all teams involved, is one that event organizers hope they’ll carry throughout their time in service.

“Once they’ve been through an exercise like CDX, they haven’t just read about being under attack, they’ve felt it,” said Neal Ziring, technical director of NSA’s Information Assurance Directorate, in the release announcing the Army win. “And that is the best thing for them to bring into their military careers defending our nation.”

Future contestants will benefit from in-depth feedback from NSA officials into the strengths and weaknesses of the simulated networks: The red team will detail how it exploited different systems, Tippett said, with teams able to strengthen next year’s efforts based on the report.

That could give Army an edge as it tries to extend its cyber bragging rights.

“It’s always a good time when you can beat Navy and beat Air Force,” said Tippett, who chose infantry for his post-academy service and plans to include cyberwarfare in his graduate studies.